Deaddrop Associates

Earlier this year, I was concerned about identity theft. Now I'm trying to come to terms with something similar. I wonder, can you consider it identity theft, if it's just an alias? Even if it's one you've used for so many years that you think of it as you? I don't think it's deliberate, but I feel very unsettled by it, just the same.

I've heard so much about Identity Theft lately, that my heart goes out to the average citizen. There you are, just trying to live life, and now there's one more thing to worry about. Here's a few thoughts that might help.

What is information security, anyway? There are millions of hits in Google for the phrase, and the range of places that surface is strange enough to give one pause. I have recently considered where we might be heading, and have written a few thoughts on the subject. For those of you who must have your information in bite sized chunks, there's a powerpoint briefing. I've also translated the powerpoint into honest html, and will have a white paper, with more details, when it's polished.

In the meantime, here's a recent post I'd made on Daily Dave (now there's a worthwhile mailing list), in answer to a question posed by Steven M. Christey of Mitre. What is the state of vulnerability research?

For the curious, I'm listed on LinkedIn. I'll be looking for work, although I'm not sure whether it'll be consulting, short term, or long term, at this point. I even have a few pictures on Flickr.

I'm in the process of deciding what should go here, and what belongs on deaddrop.com. Looking for something you're sure was here? Try there. Depending on the context, and how useful I thought it was, it may be on both. It may be on neither.

Many years ago, when Rootshell.com was new (it's gone now, don't bother), I was attending a computer conference, where many of the attendees were discussing a threat that I thought was truly old hat. When I said something like "Gee, have you never heard of rootshell?" I got nothing but blank stares. After some discussion of what I thought (at the time) were interesting sites, and places of importance to watch, I was asked if I could just share that information somewhere that would be public.

At the time, I certainly didn't have a place of my own to put it, and my employer would have frowned upon the idea of hosting something such as that, so Tom Perrine of SDSC offered to host it, if I'd write it up. I did, and he did. Later, I had my own page when I had an account at pacbell, and put it there. According to whois, I acquired deaddrop.org in "15-Feb-2000", and began hosting it there. The site itself has been redesigned multiple times, but the list has always been there.

A couple of years ago, I decided that it had served its purpose (the world has changed quite a bit from that day in 1995), and took it down. I've been seeing 404s for it ever since. I even found it quoted in a couple of books. Fine. I updated it, and here it is, with a couple of entertaining additions.

The first annual Port Scan was held at Toorcon 2005. Results are finally announced.


[ Deaddrop Associates | Musings on Security | The Metasploit Project | Attrition | Packet Storm | Deaddrop Networks | Treachery ]


Last modified: Sat Nov 17 19:54:47 PST 2007